Massive Malicious Search Results Hit Google

In the second week of November 2009, a security firm detected more than 350,000 web links that contaminated Google search results by connecting them to fake antivirus software as well as other malicious programs.

A single click on any of the innocent-looking search results leads the user to an intermediate domain such as 'moored2009.cn' or 'ionisationtools.cn.' From there, the server redirects the user to a final destination, where a pop-up warns him that 31 malicious programs have been discovered on his system and that he must buy antivirus software, which turns out to be fake.

The technique used in the attack becomes easy when inattentive webmasters neglect to update their sites' software frequently. They unwittingly serve content, both good and malicious, which then emerges within the search engine hits.

Cyveillance stated in a report that on November 17, 2009, it found 261,000 malicious websites, each of which had fake software for blog publishing. The malicious software sometimes hides in the widely used photo gallery software 'Coppermine.' While the latest Coppermine version is 1.4.25, the attacks under discussion used version 1.4.24.

Furthermore, the report stated that the fake blogs regularly and automatically added new posts with strange titles such as 'uninvited song lyrics alanis morrissette morissette,' 'real world melinda and danny,' or 'las vegas rental no credit check.'

A few sites appearing within the search hits carry a Google warning. The reason the warning is displayed on so few websites could be that the real attacks don't come from the URLs displayed in the hits but from the websites to which Web surfers are craftily redirected, which minimizes the chances of finding Google-designated harmful sites.

To stay protected, the security experts at Cyveillance recommend that Web surfers copy the intended URL, paste it into the address bar of their browser and then press 'Enter' to view it. The attack takes place only when the shrewdly hijacked blogging site discovers its visitor to be a Google user.
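
A defender's check for the behaviour described above, as an added example that is not taken from the Cyveillance report: it assumes the hijacked site recognises a "Google user" by the HTTP Referer header, and it flags URLs in proxy logs that redirect to another host only for visits arriving from Google. The log records, the `.example` hosts and the function names are constructed for illustration.

```python
from collections import defaultdict
from urllib.parse import urlsplit

# Constructed proxy log records: (requested URL, Referer, status, Location header).
SAMPLE_LOG = [
    ("http://blog.example/post-1", "http://www.google.com/search?q=song+lyrics",
     302, "http://moored2009.cn/"),
    ("http://blog.example/post-1", "", 200, ""),
    ("http://shop.example/old", "http://www.google.com/search?q=shoes",
     301, "http://shop.example/new"),
    ("http://shop.example/old", "", 301, "http://shop.example/new"),
    ("http://news.example/a", "http://www.google.com/search?q=news", 200, ""),
]

def host(url):
    """Lower-cased hostname of a URL, or '' if there is none."""
    return (urlsplit(url).hostname or "").lower()

def from_google(referer):
    """Heuristic (assumption): the Referer host looks like a Google search domain."""
    return host(referer).startswith(("www.google.", "google."))

def offsite_redirect(url, status, location):
    """Return the target host if the response redirects to a different host."""
    if 300 <= status < 400 and location:
        target = host(location)
        if target and target != host(url):
            return target
    return None

def find_referer_cloaking(records):
    """Map URL -> off-site hosts reached only when the visit came from Google."""
    google, other = defaultdict(set), defaultdict(set)
    for url, referer, status, location in records:
        bucket = google if from_google(referer) else other
        bucket[url].add(offsite_redirect(url, status, location))
    findings = {}
    for url, outcomes in google.items():
        if url not in other:
            continue  # no non-Google visit to compare against
        only_google = {t for t in outcomes - other[url] if t}
        if only_google:
            findings[url] = sorted(only_google)
    return findings

if __name__ == "__main__":
    for url, targets in find_referer_cloaking(SAMPLE_LOG).items():
        print(f"{url} redirects Google visitors to: {', '.join(targets)}")
```

A site that redirects every visitor the same way, or that was only ever reached from Google, is not flagged, since there is no differing baseline to compare.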